Comments on: Symantec’s New “Statistical Approach” to Computer Security http://cybernetnews.com/symantecs-new-statistical-approach-to-computer-security/ Technology News Sun, 22 Nov 2009 18:45:09 -0600 http://wordpress.org/?v=2.8.6 hourly 1 By: Ryan http://cybernetnews.com/symantecs-new-statistical-approach-to-computer-security/comment-page-1/#comment-138387 Ryan Tue, 27 May 2008 16:49:09 +0000 http://cybernetnews.com/?p=12785#comment-138387 <div class="commentquote"><a href="#comment-138361" rel="nofollow">CoryC wrote:</a><blockquote>I think Symantec is going to need to use both heuristic analysis and statistical analysis if they are going to offer an effective malware scanner.</blockquote></div> I'm sure they'll be using multiple methods for identification, and this will just be an additional method of protection. <div class="commentquote"><a href="#comment-138366" rel="nofollow">Anonymous wrote:</a><blockquote>Wide spread viruses are usually known so I think those can be easily blacklisted.</blockquote></div> That's true, and something that I hadn't thought about. So this could turn out to be rather effective. <div class="commentquote"><a href="#comment-138374" rel="nofollow">Lashiec wrote:</a><blockquote>Anyway, Norton perception problem does not lie in its poor detection capabilities, but the impact the software has on computer performance (or it used to have at least).</blockquote></div> They claim that this will help with performance though, which is one reason why it's intriguing. I'm interested to see whether they will be able to recover some of the reputation they have lost. CoryC wrote:
I think Symantec is going to need to use both heuristic analysis and statistical analysis if they are going to offer an effective malware scanner.

I’m sure they’ll be using multiple methods for identification, and this will just be an additional method of protection.

Anonymous wrote:
Wide spread viruses are usually known so I think those can be easily blacklisted.

That’s true, and something that I hadn’t thought about. So this could turn out to be rather effective.

Lashiec wrote:
Anyway, Norton perception problem does not lie in its poor detection capabilities, but the impact the software has on computer performance (or it used to have at least).

They claim that this will help with performance though, which is one reason why it’s intriguing. I’m interested to see whether they will be able to recover some of the reputation they have lost.

]]> By: Lashiec http://cybernetnews.com/symantecs-new-statistical-approach-to-computer-security/comment-page-1/#comment-138374 Lashiec Tue, 27 May 2008 10:35:34 +0000 http://cybernetnews.com/?p=12785#comment-138374 Well, he says they will use that data as a factor to detect malware, so clearly they'll use other methods. I think what the means is that they're creating something similar to SpyNet in Windows Defender or the whole ThreatFire idea. Anyway, Norton perception problem does not lie in its poor detection capabilities, but the impact the software has on computer performance (or it used to have at least). Well, he says they will use that data as a factor to detect malware, so clearly they’ll use other methods. I think what the means is that they’re creating something similar to SpyNet in Windows Defender or the whole ThreatFire idea.

Anyway, Norton perception problem does not lie in its poor detection capabilities, but the impact the software has on computer performance (or it used to have at least).

]]> By: Anonymous http://cybernetnews.com/symantecs-new-statistical-approach-to-computer-security/comment-page-1/#comment-138366 Anonymous Mon, 26 May 2008 22:46:30 +0000 http://cybernetnews.com/?p=12785#comment-138366 Wide spread viruses are usually known so I think those can be easily blacklisted. Wide spread viruses are usually known so I think those can be easily blacklisted.

]]> By: CoryC http://cybernetnews.com/symantecs-new-statistical-approach-to-computer-security/comment-page-1/#comment-138361 CoryC Mon, 26 May 2008 20:13:22 +0000 http://cybernetnews.com/?p=12785#comment-138361 "The problem we see is that if a virus is wide-spread and installed on thousands of computers, which happens, it could provide a false sense of reassurance. It seems as though solely using a statistical approach could prove to be faster, but unfortunately, it could be less reliable. " I'm sure there would be other factors in determining if the software is a virus or not (probably dozens). More importantly, todays virus are identified by their "signature"; their file name is often random to help avoid detection. So each installed instance of the virus would appear to be unique. I think Symantec is going to need to use both heuristic analysis and statistical analysis if they are going to offer an effective malware scanner. “The problem we see is that if a virus is wide-spread and installed on thousands of computers, which happens, it could provide a false sense of reassurance. It seems as though solely using a statistical approach could prove to be faster, but unfortunately, it could be less reliable. ”

I’m sure there would be other factors in determining if the software is a virus or not (probably dozens). More importantly, todays virus are identified by their “signature”; their file name is often random to help avoid detection. So each installed instance of the virus would appear to be unique.

I think Symantec is going to need to use both heuristic analysis and statistical analysis if they are going to offer an effective malware scanner.

]]>